Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:LIBXML2-ENTRY-NAME |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
libxml2 XML File Processing Long Entity Name Buffer Overflow |
Release Date |
2010/10/13 |
Update Number |
1791 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: libxml2 XML File Processing Long Entity Name Buffer Overflow
This signature detects attempts to exploit a known vulnerability in libxml2 XML library. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Extended Description
The 'libxml' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service vulnerability.
Affected Products
- Apple iphone 1
- Apple iphone 1.0.1
- Apple iphone 1.0.2
- Apple iphone 1.1
- Apple iphone 1.1.1
- Apple iphone 1.1.2
- Apple iphone 1.1.3
- Apple iphone 1.1.4
- Apple iphone 2.0
- Apple iphone 2.0.1
- Apple iphone 2.0.2
- Apple iphone 2.1
- Apple iphone 2.2
- Apple iphone 2.2.1
- Apple ipod_touch 1.1
- Apple ipod_touch 1.1.1
- Apple ipod_touch 1.1.2
- Apple ipod_touch 1.1.3
- Apple ipod_touch 1.1.4
- Apple ipod_touch 2.0
- Apple ipod_touch 2.0.1
- Apple ipod_touch 2.0.2
- Apple ipod_touch 2.1
- Apple ipod_touch 2.2
- Apple ipod_touch 2.2.1
- Apple safari 1.0.0
- Apple safari 1.1.0
- Apple safari 1.2.0
- Apple safari 1.2.1
- Apple safari 1.2.2
- Apple safari 1.2.3
- Apple safari 1.3.0
- Apple safari 1.3.1
- Apple safari 1.3.2
- Apple safari 2.0.1
- Apple safari 2.0.2
- Apple safari 2.0.3
- Apple safari 2.0.4
- Apple safari 3
- Apple safari 3.0.1 Beta
- Apple safari 3.0.1 Beta For Windows
- Apple safari 3.0.2 Beta
- Apple safari 3.0.2 Beta For Windows
- Apple safari 3.0.3 Beta
- Apple safari 3.0.3 Beta For Windows
- Apple safari 3.0.4 Beta For Windows
- Apple safari 3.1
- Apple safari 3.1.1
- Apple safari 3.1.1 For Windows
- Apple safari 3.1.2
- Apple safari 3.1.2 For Windows
- Apple safari 3.1 For Windows
- Apple safari 3.2
- Apple safari 3.2.2 For Windows
- Apple safari 3 Beta
- Apple safari 3 Beta For Windows
- Apple safari 4 Beta
- Apple safari Beta 2
- Apple safari_for_windows 3.2.1
- Avaya aura_application_enablement_services 3.1.6
- Avaya aura_application_enablement_services 4.2.1
- Avaya aura_sip_enablement_services 5.0
- Avaya cms_server 13.0.0
- Avaya cms_server 13.1
- Avaya cms_server 14.0
- Avaya cms_server 14.1
- Avaya cms_server 15.0
- Avaya communication_manager 3.1
- Avaya communication_manager 3.1.4 SP2
- Avaya communication_manager 4.0
- Avaya communication_manager 4.0.3 SP1
- Avaya communication_manager 5.0
- Avaya communication_manager 5.0 SP3
- Avaya communication_manager 5.1
- Avaya emmc 1.017
- Avaya emmc 1.021
- Avaya emmc
- Avaya intuity_audix_lx 2.0
- Avaya meeting_exchange 5.0
- Avaya meeting_exchange 5.0.0.0.52
- Avaya meeting_exchange-enterprise_edition
- Avaya message_networking 3.1
- Avaya message_networking MN 3.1
- Avaya message_networking
- Avaya messaging_storage_server 1.0
- Avaya messaging_storage_server 2.0
- Avaya messaging_storage_server 3.1
- Avaya messaging_storage_server 4.0
- Avaya messaging_storage_server MM3.0
- Avaya messaging_storage_server
- Avaya proactive_contact 3.0
- Avaya proactive_contact 4.0
- Avaya proactive_contact
- Avaya voice_portal 3.0
- Avaya voice_portal 4.0
- Avaya voice_portal 4.1
- Debian linux 4.0
- Debian linux 4.0 Alpha
- Debian linux 4.0 Amd64
- Debian linux 4.0 Arm
- Debian linux 4.0 Hppa
- Debian linux 4.0 Ia-32
- Debian linux 4.0 Ia-64
- Debian linux 4.0 M68k
- Debian linux 4.0 Mips
- Debian linux 4.0 Mipsel
- Debian linux 4.0 Powerpc
- Debian linux 4.0 S/390
- Debian linux 4.0 Sparc
- Gentoo linux
- Mandriva corporate_server 3.0.0
- Mandriva corporate_server 3.0.0 X86 64
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Mandriva linux_mandrake 2008.1
- Mandriva linux_mandrake 2008.1 X86 64
- Nortel_networks self-service-ccss7
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_peri_application
- Nortel_networks self-service_peri_workstation
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux 5 Server
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Rpath appliance_platform_linux_service 1
- Rpath appliance_platform_linux_service 2
- Rpath rpath_linux 1
- Rpath rpath_linux 2
- Sun java_system_access_manager_policy_agent 2.2
- Sun management_center 3.6
- Sun management_center 3.6.1
- Sun management_center 4.0
- Sun opensolaris Build Snv 01
- Sun opensolaris Build Snv 02
- Sun opensolaris Build Snv 100
- Sun opensolaris Build Snv 13
- Sun opensolaris Build Snv 19
- Sun opensolaris Build Snv 22
- Sun opensolaris Build Snv 29
- Sun opensolaris Build Snv 36
- Sun opensolaris Build Snv 39
- Sun opensolaris Build Snv 50
- Sun opensolaris Build Snv 57
- Sun opensolaris Build Snv 59
- Sun opensolaris Build Snv 61
- Sun opensolaris Build Snv 64
- Sun opensolaris Build Snv 67
- Sun opensolaris Build Snv 68
- Sun opensolaris Build Snv 76
- Sun opensolaris Build Snv 77
- Sun opensolaris Build Snv 78
- Sun opensolaris Build Snv 80
- Sun opensolaris Build Snv 82
- Sun opensolaris Build Snv 83
- Sun opensolaris Build Snv 84
- Sun opensolaris Build Snv 85
- Sun opensolaris Build Snv 87
- Sun opensolaris Build Snv 88
- Sun opensolaris Build Snv 89
- Sun opensolaris Build Snv 90
- Sun opensolaris Build Snv 91
- Sun opensolaris Build Snv 92
- Sun opensolaris Build Snv 95
- Sun opensolaris Build Snv 96
- Sun opensolaris Build Snv 99
- Sun solaris 10 Sparc
- Sun solaris 10 X86
- Sun solaris 9 Sparc
- Sun solaris 9 X86
- Suse opensuse 10.2
- Suse opensuse 10.3
- Suse opensuse 11.0
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Ubuntu ubuntu_linux 8.10 Amd64
- Ubuntu ubuntu_linux 8.10 I386
- Ubuntu ubuntu_linux 8.10 Lpia
- Ubuntu ubuntu_linux 8.10 Powerpc
- Ubuntu ubuntu_linux 8.10 Sparc
- Ubuntu ubuntu_linux 9.04 Amd64
- Ubuntu ubuntu_linux 9.04 I386
- Ubuntu ubuntu_linux 9.04 Lpia
- Ubuntu ubuntu_linux 9.04 Powerpc
- Ubuntu ubuntu_linux 9.04 Sparc
- Xmlsoft libxml2 2.5.1
- Xmlsoft libxml2 2.5.10
- Xmlsoft libxml2 2.5.11
- Xmlsoft libxml2 2.5.4
- Xmlsoft libxml2 2.5.8
- Xmlsoft libxml2 2.6.0 .0
- Xmlsoft libxml2 2.6.1
- Xmlsoft libxml2 2.6.11
- Xmlsoft libxml2 2.6.12
- Xmlsoft libxml2 2.6.13
- Xmlsoft libxml2 2.6.14
- Xmlsoft libxml2 2.6.15
- Xmlsoft libxml2 2.6.16
- Xmlsoft libxml2 2.6.2
- Xmlsoft libxml2 2.6.26
- Xmlsoft libxml2 2.6.3
- Xmlsoft libxml2 2.6.30
- Xmlsoft libxml2 2.6.31
- Xmlsoft libxml2 2.6.4
- Xmlsoft libxml2 2.6.5
- Xmlsoft libxml2 2.6.6
- Xmlsoft libxml2 2.6.7
- Xmlsoft libxml2 2.6.8
- Xmlsoft libxml2 2.6.9
References
- BugTraq: 31126
- CVE: CVE-2008-3529